Monday, 12 September 2011

CBA for Development

Problem: Claims Based Authentication (CBA) requires swapping certificates with each machine that will use CBA on a development domain. If you have 20 dev machines, you will need to swap certs between ADFS and each of the 20 developer machines.

Note: This post assumes all dev machines are on a single domain; however, several of the approaches will also work on a standalone machine. If ADFS is present on the local dev machine, use it for CBA in your development environment.

Initial Hypothesis:
If your VMs are all on the same domain, you can always use classic mode authentication and test CBA on a build server. However, this does not make the dev environment mimic the test, QA and production servers that use claims for authentication.

Resolution: You could set up your own STS server/service (feeding off SQL or LDAP) or use the WIF toolkit to create a claims service.
Or use the SelfSTS tool to generate claims that SharePoint can consume.
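
Whichever STS you choose, each SharePoint dev machine still has to trust its token-signing certificate. The script below is an added example, not code from the original post, showing that per-machine step in a form that is safe to re-run. The certificate path, issuer name, realm, sign-in URL and the choice of e-mail address as the identifier claim are all assumptions to replace with your own STS settings.

```powershell
# Added example: run in the SharePoint Management Shell on each dev machine.
# Every value in this first section is a placeholder, not taken from the post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath  = "C:\certs\dev-sts-signing.cer"        # public signing cert exported from the dev STS
$issuer    = "DevSTS"                              # hypothetical issuer name
$realm     = "urn:sharepoint:dev"                  # must match the relying-party identifier on the STS
$signInUrl = "https://devsts.example.local/issue"  # hypothetical passive sign-in endpoint
$emailType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Refuse an expired signing certificate instead of trusting it silently.
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Signing certificate expired on $($cert.NotAfter)"
}
# Print what is about to be trusted so the thumbprint can be compared with the STS.
Write-Host "Trusting $($cert.Subject) thumbprint $($cert.Thumbprint)"

# Add the certificate to the farm trust store only if it is not already there.
$known = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }
if (-not $known) {
    New-SPTrustedRootAuthority -Name "$issuer signing cert" -Certificate $cert | Out-Null
}

# Register the STS as a trusted identity token issuer, once.
if (-not (Get-SPTrustedIdentityTokenIssuer | Where-Object { $_.Name -eq $issuer })) {
    # Assumes the STS issues an e-mail address claim that identifies the user.
    $map = New-SPClaimTypeMapping -IncomingClaimType $emailType `
        -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
    New-SPTrustedIdentityTokenIssuer -Name $issuer `
        -Description "Shared development STS" `
        -Realm $realm -ImportTrustCertificate $cert `
        -ClaimsMappings $map -SignInUrl $signInUrl `
        -IdentifierClaim $map.InputClaimType | Out-Null
}

# Show the resulting registration for a quick visual check.
Get-SPTrustedIdentityTokenIssuer -Identity $issuer |
    Select-Object Name, DefaultProviderRealm, ProviderUri
```

Anyone holding the private key of this certificate can mint tokens for any user, so a self-signed development signing certificate should be trusted only by development farms.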